From 2ee3fd0a8d4b1ab65cb4077650cda174b779e6f9 Mon Sep 17 00:00:00 2001
From: Rusty Russell
Date: Sat, 26 Aug 2000 04:39:16 +0000
Subject: Handle *really* large index values without segfaulting.
---
 libiptc/libiptc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'libiptc/libiptc.c')
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 781a42db..68b5a149 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -908,6 +908,7 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
 unsigned int chainindex, offset;
 STRUCT_ENTRY_TARGET old;
 struct chain_cache *c;
+ STRUCT_ENTRY *e;
 int ret;
 iptc_fn = TC_INSERT_ENTRY;
@@ -918,7 +919,8 @@ TC_INSERT_ENTRY(const IPT_CHAINLABEL chain,
 chainindex = entry2index(*handle, c->start);
- if (index2entry(*handle, chainindex + rulenum) > c->end) {
+ e = index2entry(*handle, chainindex + rulenum);
+ if (!e || e > c->end) {
 errno = E2BIG;
 return 0;
 }
@@ -945,6 +947,7 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
 unsigned int chainindex, offset;
 STRUCT_ENTRY_TARGET old;
 struct chain_cache *c;
+ STRUCT_ENTRY *e;
 int ret;
 iptc_fn = TC_REPLACE_ENTRY;
@@ -956,7 +959,8 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
 chainindex = entry2index(*handle, c->start);
- if (index2entry(*handle, chainindex + rulenum) >= c->end) {
+ e = index2entry(*handle, chainindex + rulenum);
+ if (!e || e >= c->end) {
 errno = E2BIG;
 return 0;
 }
-- cgit v1.2.3
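Review bot: The new guard in TC_INSERT_ENTRY (`if (!e || e > c->end)`) still bounds the looked-up entry only from above, and the same holds for the `e >= c->end` guard in TC_REPLACE_ENTRY. `chainindex` is declared `unsigned int` in the hunk and `rulenum` is presumably unsigned as well (its declaration is outside the hunk), so `chainindex + rulenum` can wrap for a very large rule number and index2entry may then return a valid, non-NULL entry that lies before `c->start` and passes both tests. Adding the lower bound closes that case: `if (!e || e < c->start || e > c->end) {` for insert, and `if (!e || e < c->start || e >= c->end) {` for replace. A short comment such as `/* index2entry() returns NULL when the index is past the end of the table */` above each lookup would also record why the NULL test exists; both function bodies continue outside the hunks shown.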